Application: PHP Classifieds
Affected Version: version 7.3 and other versions.
Vendor’s URL: PHP Classifieds
Bug Type: Cross Site Scripting and File Upload
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Cross Site Scripting, File Inclusion

Application: Drupal
Affected Version: version 5.x-1.3 and other versions.
Vendor’s URL: Drupal Tasklist Module
Bug Type: Cross Site Scripting and SQL Injection
Risk Level: Medium

Solution:
Update to version version 5.x-1.3.

Content Management, SQL Injection

Application: Drupal
Affected Version: prior to 6.x-2.2.
Vendor’s URL: Drupal Content Construction Kit
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to CCK 6.x-2.2.

Content Management, Cross Site Scripting

Application: WordPress
Affected Version: version 2.1
Vendor’s URL: WordPress fMoblog Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Application: PHP Pro Bid
Affected Version: version 6.05
Vendor’s URL: PHP Pro Bid
Bug Type: File Inclusion
Risk Level: Critical

Solution:
The vulnerability has been fixed in an updated version 6.05.

File Inclusion

Application: Drupal
Affected Version: prior to 5.x-1.19
Vendor’s URL: Drupal Forward Module
Bug Type: Security Bypass
Risk Level: Medium

Solution:
Update to version 5.x-1.19.

Access Bypass, Content Management

Application: OpenPHPnuke
Affected Version: prior to 2.4.16
Vendor’s URL: OpenPHPnuke
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 2.4.16.

Content Management, SQL Injection

Application: Joomla
Affected Version:
Vendor’s URL: DigiStore Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, SQL Injection

Application: Drupal
Affected Version: version 5.x-1.3 and other versions.
Vendor’s URL: Protected Node Module
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 5.x-1.4 or later.

Content Management, Cross Site Scripting

Application: Coppermine
Affected Version: version 1.4.20 and 1.4.21 and other versions.
Vendor’s URL: Coppermine Photo Gallery
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 1.4.21, which protects from exploitation via bbcode tags. Do not visit untrusted web sites while logged on to the application.

Cross Site Scripting, Image Galleries

Application: Drupal
Affected Version: version 5.x-1.1 and other versions.
Vendor’s URL: Taxonomy Theme Module
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 5.x-1.2.

Content Management, Cross Site Scripting

Application: Drupal
Affected Version: version 5.x-1.5 and other versions.
Vendor’s URL: Viewfield Module
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitised.

Content Management, Cross Site Scripting

Application: Drupal
Affected Version: prior to 5.16 and 6.x prior to 6.10.
Vendor’s URL: Drupal Theme Engine
Bug Type: Local File Inclusion
Risk Level: Critical

Solution:
Update to a fixed version or apply patches.

– Drupal 5.x –
Update to version 5.16:
http://ftp.drupal.org/files/projects/drupal-5.16.tar.gz

Patch for version 5.15:
http://drupal.org/files/sa-core-2009-003/SA-CORE-2009-003-6.9.patch

– Drupal 6.x –
Update to version 6.10:
http://ftp.drupal.org/files/projects/drupal-6.10.tar.gz

Patch for version 6.9:
http://drupal.org/files/sa-core-2009-003/SA-CORE-2009-003-6.9.patch

Content Management, File Inclusion